11

I'm running Mercurial's hgwebdir.cgi on WinXP over IIS as a central repo for sharing code with my team. I'd like to use ActiveDirectory to authenticate to the server when pushing/pulling through TortoiseHg and/or the command-line hg client. Has anyone done this or seen instructions on how to do this?

Joe Schneider
  • It has been done; I know at least one of the devs who did it. If nobody answers here, please ask on the Mercurial mailing list. – tonfa Feb 16 '10 at 19:12

4 Answers

25

I know this has already got an accepted answer, but I did a four-part blog post on setting up Mercurial on IIS with Active Directory authentication and using hgwebdir.cgi for push authorization. It goes over the whole process of:

  • Setting up Mercurial's hg web interface on IIS.
  • Setting up the IIS authentication for Mercurial so that only users authorized by Active Directory (i.e. security groups/users) can view/access the repositories either via the hg web interface or through the file system.
  • Configuring Active Directory authentication for Mercurial users, so only authorized users can see/access the repositories they have access to.
  • Configuring hgwebdir.cgi via hgweb.config to set push authorization for specified users to repositories.
  • Hiding hgwebdir.cgi using Helicon's ISAPI Rewrite in your repository's URL.
  • Customizing the style/feel of the hg web user interface to your own taste.

Setting up and configuring Mercurial in a Windows/IIS/Active Directory environment (web.archive.org mirror)

Wai Ha Lee
BenAlabaster
  • 1
    @alexandrul - I'm glad it helped. It was certainly a lot of work figuring it all out myself. I wanted to save others the effort I had to go to in order to wrap my head around it and get it working. – BenAlabaster Jun 02 '10 at 16:18
6

hgwebdir.cgi doesn't really do authentication, although it can do authorization. You probably want to take care of authentication in the IIS config. (I don't have any experience with IIS, but that's how it works with Apache, at least.)

djc
  • I've done LDAP integration in Apache, and this is how I accomplished it. Protect the directory and use IIS's built-in AD authentication for the directory. – Jeff Feb 22 '10 at 16:24
4

Authentication is performed by IIS. In IIS Manager, allow Basic Authentication on the directory containing the hgwebdir.cgi script. Then edit the Basic Authentication settings and set the default domain and realm to your domain name.

In hgweb.config add

allow_push = <username>

replacing <username> with your username(s) for people who will be able to perform push. This worked for me.

Alen Siljak
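An added example, not part of the answer above and not Mercurial's own code: a small audit of the [web] push settings in hgweb.config, following the rules documented for allow_push, deny_push and push_ssl (deny_push is examined first, an empty allow_push denies everyone, push_ssl defaults to true). The function names and the sample user names are assumptions, and Python's configparser stands in for Mercurial's config parser, so %include lines are not handled.

```python
import configparser

# Constructed sample hgweb.config; alice and bob are placeholder user names.
SAMPLE = "[web]\nallow_push = alice, bob\ndeny_push = bob\npush_ssl = true\n"

FALSE_WORDS = {"0", "no", "false", "off", "never"}

def _names(value):
    # hgweb user lists are separated by commas and/or whitespace
    return set(value.replace(",", " ").split())

def load_web(text):
    """Read the [web] push settings; unset keys fall back to hgweb defaults."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    web = cp["web"] if cp.has_section("web") else {}
    return {
        "allow": _names(web.get("allow_push", "")),
        "deny": _names(web.get("deny_push", "")),
        "ssl": web.get("push_ssl", "true").strip().lower() not in FALSE_WORDS,
    }

def can_push(web, user, https):
    """user is the name the web server authenticated, or None if anonymous."""
    if web["ssl"] and not https:
        return False  # push_ssl defaults to true and refuses plain HTTP
    deny, allow = web["deny"], web["allow"]
    if deny and (user is None or "*" in deny or user in deny):
        return False  # deny_push is examined before allow_push
    return "*" in allow or (user is not None and user in allow)

def findings(web):
    """Return the settings a reviewer would question before going live."""
    out = []
    if "*" in web["allow"]:
        out.append("allow_push = * lets any remote user push, even unauthenticated")
    if not web["ssl"]:
        out.append("push_ssl = false lets Basic Authentication cross plain HTTP")
    if not web["allow"]:
        out.append("allow_push is empty, so nobody can push")
    return out
```

With Basic Authentication the password travels base64-encoded rather than encrypted, which is why the push_ssl check matters for this setup.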
1

Excuse my necroposting, but I've just released an alpha version of HgLab, which is a Mercurial Server for Windows and it supports Active Directory authentication out of the box.

Anton Gogolev